Securing a network isn’t just one job but really a web of tasks that layer security, said Will Blaylock, chief information officer for Rockwood School District, headquartered in Eureka.

For example, setting up a firewall is vital so the public can access equipment without putting a network at risk, he said.

“You need to use intrusion detection/prevention systems, which monitor network traffic for malicious activity and content like malware and viruses and block it,” he said.

Also a must are up-to-date anti-virus software and complex passwords to log into the network. Some companies even use biometrics, such as fingerprints or retinal scans, to log in, or require two-factor authentification, such as using both a card with a magnetic strip and then a password to get onto the network.

Even simple door locks are invaluable. “Your most common security breaches are internal, with people accessing a computer they shouldn’t have access to because it was left logged in,” Blaylock said.

But one fundamental is staff training. “People shouldn’t open emails from sources they don’t recognize,” Blaylock said. “They shouldn’t go for all the free software people are trying to hand you on the Internet or it will infect a computer. And don’t put credit card information or Social Security numbers in open emails.”

People too often overlook physical network security in a building, according to Matt Haug, information technology manager with the city of Chesterfield. “For example, if you look around a building you’ll see active network jacks, which allow anyone to plug in and have access even if they don’t have any knowledge of that network,” he said. “Someone could plug in and run a sniffer, which is a program designed to sniff network traffic and record what is going on inside it.”

A firewall needs to include protection from email, Haug said. “A lot of attachments come in with viruses or worm or some type of payload that can be damaging,” he said.

Control all entry points to a network like email, Internet, physical and wireless access. “In Chesterfield, we even control USB drives so users can’t just buy a drive and plug it into a computer before we authorize it,” Haug said.

If you have a limited security budget, use it to protect the things most valuable to your business, said Anthony DeCanti, senior vice president and chief information officer for UniGroup, a $1.6 billion transportation and relocation services company based in Fenton.

He also advises having a plan for dealing with a breach before an event occurs to be more able to contain the damage.

“Have multiple layers of protections in place against inside and outside threats,” DeCanti said. Think of a password as a phrase or sentence, not one word, DeCanti said, so “you can make strong passwords that are easy to remember.”

And it’s a good idea to patch systems regularly because new bugs and vulnerabilities are found all the time.

“The information you are trying to protect is constantly changing, so your strategy to protect that information should evolve with it,” DeCanti said.*